This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Role based lists of Views and ApplicationPages

I got a new issue I currently don't knwo how to implement it exactly. With the current security controller model, it's possible to enable or disable commands based on the user's roles.

I'd like to do something similiar for views and pages. In my commands-context.xml I have the "ShowViewMenu" and "ShowPageMenu" enabled for the window menu. These menu points show all views and pages in the application. Has anyone ever worked on an implementation on filling these lists only with the entries allowed for the user's roles?

If there's no existing solution and someone's is interested I'd like to implement this part and share it afterwards. Any help appreciated though

Which might be a good possibility to use is the ShowPageCommand / ShowViewCommand, which is generated by Spring-RCP internals. They currently get no security controller id and from what I see don't get configured by the security controller. Maybe this might be the shortest path to get this feature working.

Comment

Does anybody have any updates on this feature, I also want to have this feature in my application.
As per my knowledge; authorization can be applied on command level global as well as local(local Executors). But the ShowViewMenu and ShowViewCommand does not have any code for security check.
The feature I require is enable/disable menu entries in the Show View based on roles. Also if possible show the view in read only mode for some roles

Comment

If I understand this correct there is no need to create your own commands because e.g. ShowPageMenu uses the createShowPageCommand that are defined in the PageDescriptor. The createShowPageCommand creates as the name states a ShowPageCommand which is a ActionCommand that implements SecurityControllable. So the solution could be that you extend the PageDescriptor you use and override the createShowPageCommand. In the overrided method you can just call super.createShowPageCommand and then set the securityControllerId, that you have injected in your extended PageDescriptor class, on the created ActionCommand.